Change dhm_calc_secret() prototype
diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h
index da787c3..4d7bd8a 100644
--- a/include/polarssl/dhm.h
+++ b/include/polarssl/dhm.h
@@ -219,11 +219,15 @@
* \param ctx DHM context
* \param output destination buffer
* \param olen number of chars written
+ * \param f_rng RNG function, for blinding purposes
+ * \param p_rng RNG parameter
*
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
*/
int dhm_calc_secret( dhm_context *ctx,
- unsigned char *output, size_t *olen );
+ unsigned char *output, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
/**
* \brief Free the components of a DHM key
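Review bot: The new `\param f_rng` line does not say whether NULL is accepted, yet programs/pkey/dh_client.c, dh_server.c and the client-side call in tests/suites/test_suite_dhm.function in this same commit all pass `NULL, NULL`. Suggest `\param f_rng RNG function, for blinding purposes (may be NULL)` and `\param p_rng RNG parameter, passed through to f_rng`. Because the library body in this commit only discards both parameters, the prototype comment should also state that exponent blinding is not yet applied, so callers of this version do not assume side-channel protection that the signature appears to promise.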
diff --git a/library/dhm.c b/library/dhm.c
index 0c65dfe..a5c3e90 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -249,10 +249,15 @@
* Derive and export the shared secret (G^Y)^X mod P
*/
int dhm_calc_secret( dhm_context *ctx,
- unsigned char *output, size_t *olen )
+ unsigned char *output, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret;
+ (void) f_rng;
+ (void) p_rng;
+
if( ctx == NULL || *olen < ctx->len )
return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
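Review bot: `(void) f_rng;` and `(void) p_rng;` silently discard the new parameters, so the secret derivation that follows still runs without the blinding the header now advertises, and nothing in the code records that this is deliberate scaffolding. A comment above the casts, e.g. `/* TODO: f_rng/p_rng are reserved for exponent blinding and are not used yet */`, keeps the gap between interface and implementation visible to the next reader and to whoever wires the blinding in. The rest of dhm_calc_secret, including the exponentiation the RNG is meant to protect, lies outside this hunk.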
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 3b9d142..e751298 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1713,7 +1713,8 @@
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
ssl->handshake->premaster,
- &ssl->handshake->pmslen ) ) != 0 )
+ &ssl->handshake->pmslen,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
{
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
return( ret );
@@ -1842,7 +1843,7 @@
*(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len >> 8 );
*(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len );
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
- p, &n ) ) != 0 )
+ p, &n, ssl->f_rng, ssl->p_rng ) ) != 0 )
{
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
return( ret );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index adf5a62..f0936b4 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2386,7 +2386,8 @@
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
ssl->handshake->premaster,
- &ssl->handshake->pmslen ) ) != 0 )
+ &ssl->handshake->pmslen,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
{
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
@@ -2472,7 +2473,7 @@
n = ssl->handshake->dhm_ctx.len;
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
- p, &n ) ) != 0 )
+ p, &n, ssl->f_rng, ssl->p_rng ) ) != 0 )
{
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index f06b906..c5c6f75 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -239,7 +239,7 @@
fflush( stdout );
n = dhm.len;
- if( ( ret = dhm_calc_secret( &dhm, buf, &n ) ) != 0 )
+ if( ( ret = dhm_calc_secret( &dhm, buf, &n, NULL, NULL ) ) != 0 )
{
printf( " failed\n ! dhm_calc_secret returned %d\n\n", ret );
goto exit;
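Review bot: The sample passes `NULL, NULL` for the new RNG arguments here, and programs/pkey/dh_server.c does the same in its corresponding hunk; since these programs are what users copy, code derived from them would never exercise the blinded path the new parameters are meant to enable once it is implemented. If the program already sets up an RNG function and context for its other DHM calls (outside this hunk), passing that pair instead of NULL would be the better example. The enclosing function continues outside the hunk.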
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 1eba806..3382307 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -242,7 +242,7 @@
printf( "\n . Shared secret: " );
fflush( stdout );
- if( ( ret = dhm_calc_secret( &dhm, buf, &n ) ) != 0 )
+ if( ( ret = dhm_calc_secret( &dhm, buf, &n, NULL, NULL ) ) != 0 )
{
printf( " failed\n ! dhm_calc_secret returned %d\n\n", ret );
goto exit;
diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function
index e6524cc..e6fadfb 100644
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@@ -49,8 +49,8 @@
TEST_ASSERT( dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 );
- TEST_ASSERT( dhm_calc_secret( &ctx_srv, sec_srv, &sec_srv_len ) == 0 );
- TEST_ASSERT( dhm_calc_secret( &ctx_cli, sec_cli, &sec_cli_len ) == 0 );
+ TEST_ASSERT( dhm_calc_secret( &ctx_srv, sec_srv, &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( dhm_calc_secret( &ctx_cli, sec_cli, &sec_cli_len, NULL, NULL ) == 0 );
TEST_ASSERT( sec_srv_len == sec_cli_len );
TEST_ASSERT( sec_srv_len != 0 );